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CLAIMS 



A 



1 . Process for the remote authentication of a user (7) for lo^al access to a local 
machine (4) belonging to a network (5) that includes a remote server (3) managed by an 
administrator (8) and containing means (6) for classifying information, characterized in that it 
consists of: / 

creating a challenge (D) capable of being transmitted by Communication means (9) 5 
the communication means (9) connecting the user (7) Wth the administrator (8); 
communicating to the administrator (8) the challenge (D) created as well as elements 
known by the user, via the communication means (9k 
• performing a predetermined calculation by means pf the server (3) in order to obtain a 
response (RD) that is a function of the challeng^(D) and/or of predetermined data; 
transmitting to the user (7) the response (RD) obtained through the communication 



means (9); 

performing a calculation by means of the local machine (4) in the same way as the 
server (3) in order to obtain a response (RD1) that is a function of the challenge (D) 
and/or of predetermined data; / 



comparing the response (RD) transmitted by the administrator to the response (RD1) 
calculated by the local machine (4) and locally authorizing the user's connection to the 
machine (4) based on the result of the comparison. 

2. Process according to claim/1, characterized in that the calculation performed 
by the server (3) consists of modifying, in accordance with a given algorithm, the challenge 
(D) and/or at least one of the followingypieces of data: at least one piece of information issued 
by the classification means and known by the user, at least one secret shared between the 
server (3) and the local machine (4),yat least one element communicated by the user. 



3. Process according^to either of claims 1 or 2, characterized in that the 
calculation performed by the local machine (4) consists of modifying, in accordance with a 
given algorithm, the challengey(D) and/or at least one of the following pieces of data: at least 
one secret shared between the/ server (3) and the local machine (4), at least one element 
communicated by the user. 
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1 4. Process according to either claim 2 or 3, characterized in that tne shared 

2 secrets are entered into the server (3) and transmitted to the local machine (4) during a 

3 successful network authentication. / 

1 5. Process according to any of claims 2 through 4, characterized in that the 

2 shared secret or secrets are modified by means of a modification kpy (C) that depends on the 

3 local machine (4), prior to being modified by the algorithm. / 

1 6. Process according to claim 5, characterized ii^that the modification key (C) 

2 consists of concatenating the secret or a combination of secrets existing in the form of a byte 

3 string called a Master Station Secret and of hashing the t^yte string obtained through 

4 concatenation by means of a calculation algorithm, in order to obtain a byte string called a 

5 Station Secret. / 

1 7. Process according to any of claims/2 through 6, characterized in that the 

2 shared secret or secrets are accompanied by a version number that is incremented each time 

3 the secret is modified. / ~ 

/ ^ 

1 8. Process according to any ofclaims 1 through 7, characterized in that the 

2 challenge is constituted by a byte string. / 

1 9. Process according to claims 7 and 8, characterized in that the challenge is 

2 composed of: / 

3 • a first byte representing thytype of challenge, the type indicating whether a network 

4 authentication has been performed; 

5 • second and third bytes representing the version number of the shared information; 

6 • random alphanumeri^haracters of the fourth to twelfth bytes. 

1 10. Process according to claim 6, characterized in that the response (RD; RD1) is 

2 calculated by hashing, in accordance with a calculation algorithm, a character string 
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/ 

composed of the concatenation in a predetermined order of the challenge, the character string 
resulting from the transformation by a calculation algorithm of the user's password, the 
Station Secret and the user's name. 



1 1 . Process according to any of claims 1 through 9, characterized in that the 
response (RD; RD1) is calculated by hashing, in accordance whh a calculation algorithm, a 
character string composed of the concatenation in a predetermined order of the challenge, a 
fixed security key CC stored in the local machine (4) anc^in the server (3), the name of the 
local machine (4), the character string resulting from the transformation by a calculation 
algorithm of the user's password and user name. 



12. Process according to any of claims 1 through 1 1 , characterized in that the local 
connection authorized is temporary, the authorized duration being configurable. 



3 



13. Process according to any of claims 1 through 12, characterized in that it 
consists of locally authenticating th^user (7) after a disconnection by the user (7) 
authenticated remotely. 



14. System for the remote authentication of a user (7) for local access to a machine 
called a local machine (4-^belonging to a network (5) that includes a remote server (3) 
managed by an administrator (8) and containing means (6) for classifying information, 
characterized in that \j comprises communication means (9) connecting the user (7) with the 
administrator (8), inthat each local machine (4) comprises a user authentication module (10) 
that includes a u^er module for generating a challenge (11) and a user module for calculating 
a response to ^challenge (12), and in that the server (3) comprises an administrative 
authentication module (13) comprising an administrative module for calculating a response to 



a challen^^H), 
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